fix(web-auth): url-decode token query param for websocket auth

xintaofei
2026-04-18 20:18:58 +08:00
parent ff9fbad50a
commit cf9573c0ce


@@ -10,10 +10,21 @@ pub async fn require_token(
next: Next, next: Next,
token: String, token: String,
) -> Response { ) -> Response {
// Allow WebSocket upgrade requests to authenticate via query param // Allow WebSocket upgrade requests to authenticate via query param.
// The token value is URL-encoded by the client, so decode before comparing.
if let Some(query) = request.uri().query() { if let Some(query) = request.uri().query() {
if query.contains(&format!("token={}", token)) { for pair in query.split('&') {
return next.run(request).await; let Some((key, value)) = pair.split_once('=') else {
continue;
};
if key != "token" {
continue;
}
if let Ok(decoded) = urlencoding::decode(value) {
if decoded == token {
return next.run(request).await;
}
}
} }
} }
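Review bot: The query-parameter branch in `require_token` still runs for every request rather than only for WebSocket upgrades as its comment states, so any route behind this middleware accepts the secret in the URL, where it lands in access logs, proxy logs and browser history. Consider gating the loop on the upgrade header, e.g. `let is_ws = request.headers().get("upgrade").is_some_and(|v| v.as_bytes().eq_ignore_ascii_case(b"websocket"));`, and only parsing the query when `is_ws` is true. Separately, `decoded == token` is an early-exit string comparison on a secret; a constant-time comparison (for instance `subtle::ConstantTimeEq`, if the project can take that dependency) would be the safer choice. The rest of the function lies outside this hunk, so the header-based path and any handling of an empty configured token cannot be checked from here.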